pam_get_items - A PAM test module to retrieve module-specific PAM items
PAM modules store data in PAM items. These items are only accessible from
module context, not application context as they might include private data
(PAM_AUTHTOK normally contains the password). But when testing PAM modules,
it’s often nice to make sure a PAM module under test sets items for the
next module the way it’s supposed to. The pam_get_items module makes
this possible by exporting all PAM items as environment variables using
pam_putenv. The environment variable name is the same as the constant name of
the PAM item.
All module types (account, auth, password and
session) are provided.
Consider an example that tests that pam_unix puts the password it reads onto PAM
stack. The test service file would contain:
auth required pam_unix.so
auth required pam_get_items.so
Then the test would run the PAM conversation and afterwards
call:
pam_getenv(pamh, "PAM_AUTHTOK");
To retrieve the password.